testing/web-platform/tests/credential-management/fedcm-iframe.https.html

   1 <!doctype html>
   2 <link rel="help" href="https://wicg.github.io/FedCM">
   3 <script src="/resources/testharness.js"></script>
   4 <script src="/resources/testharnessreport.js"></script>
   5 <script src="/common/get-host-info.sub.js"></script>
   6 <div id=log>
   7 <script type="module">
   8 'use strict';
   9
  10 import {fedcm_test, set_fedcm_cookie} from './support/fedcm-helper.sub.js';
  11
  12 const host = get_host_info();
  13 // This regex removes the filename from the path so that we just get
  14 // the directory.
  15 const basePath = window.location.pathname.replace(/\/[^\/]*$/, '/');
  16 const remoteBaseURL = host.HTTPS_REMOTE_ORIGIN + basePath;
  17 const localhostBaseURL = "http://localhost:" + host.HTTP_PORT + basePath;
  18
  19 async function createIframeAndWaitForMessage(test, iframeUrl, setPermissionPolicy) {
  20     const messageWatcher = new EventWatcher(test, window, "message");
  21     var iframe = document.createElement("iframe");
  22     iframe.src = iframeUrl;
  23     if (setPermissionPolicy) {
  24       iframe.allow = "identity-credentials-get";
  25     }
  26     document.body.appendChild(iframe);
  27     const message = await messageWatcher.wait_for("message");
  28     return message.data;
  29 }
  30
  31 fedcm_test(async t => {
  32   const message = await createIframeAndWaitForMessage(
  33       t, remoteBaseURL + "support/fedcm-iframe.html",
  34       /*setPermissionPolicy=*/false);
  35   assert_equals(message.result, "Fail");
  36   assert_equals(message.errorType, "NotAllowedError");
  37 }, "FedCM disabled in cross origin iframe without permissions policy");
  38
  39 fedcm_test(async t => {
  40   const message = await createIframeAndWaitForMessage(
  41       t, remoteBaseURL + "support/fedcm-iframe-level2.html",
  42       /*setPermissionPolicy=*/true);
  43   assert_equals(message.result, "Pass");
  44   assert_equals(message.token, "token");
  45 }, "FedCM enabled in 2 level deep nested iframe. FedCM should be enabled regardless of iframe nesting depth");
  46
  47 fedcm_test(async t => {
  48   const message = await createIframeAndWaitForMessage(
  49       t, remoteBaseURL + "support/fedcm-iframe-level2.html",
  50       /*setPermissionPolicy=*/false);
  51   assert_equals(message.result, "Fail");
  52   assert_equals(message.errorType, "NotAllowedError");
  53 }, "FedCM disabled in 2 level deep nested iframe where middle iframe does not have permission policy");
  54
  55 fedcm_test(async t => {
  56   const message = await createIframeAndWaitForMessage(
  57       t, remoteBaseURL + "support/fedcm-iframe-level2.html?permission=0",
  58       /*setPermissionPolicy=*/true);
  59   assert_equals(message.result, "Fail");
  60   assert_equals(message.errorType, "NotAllowedError");
  61 }, "FedCM disabled in 2 level deep nested iframe where innermost iframe does not have permission policy");
  62
  63 fedcm_test(async t => {
  64   // This is only an iframe because there's no other way to have this URL
  65   // loaded from localhost.
  66   const message = await createIframeAndWaitForMessage(
  67       t, localhostBaseURL + "support/fedcm-iframe.html",
  68       /*setPermissionPolicy=*/true);
  69   assert_equals(message.result, "Pass");
  70   assert_equals(message.token, "token");
  71 }, "FedCM should work in non-HTTPS URLs on localhost");
  72
  73 </script>